Malicious hackers are getting ever more creative with the techniques they use to break into networks to steal data and wreak havoc, but their primary route for opening that door has remained pretty consistent. Email is by far the most popular entry point for setting up and executing phishing, ransomware and other attack vectors, leading to some $2.4 billion in damages in 2021 across business email interactions in the U.S. alone, according to a report last year from the FBI. Today a startup called Sublime Security is emerging from stealth with a novel, collective approach for tackling that problem: it has built a platform, and domain-specific language (DSL), for researchers and security operations people - those defending networks - to write, run and share rules with each other for detecting and blocking the wide range of threats most (and least) commonly delivered via email.

The Washington, DC-based startup has been operating in private beta for over one year, and in that time it’s picked up a number of large multinational customers ranging from government organizations through to companies like Spotify - along with a waiting list of 2,500 others. Now, as it moves into general availability, it’s also announcing funding of $9.8 million.

Decibel is leading the round, with Slow Ventures and a number of individuals in the world of cybersecurity participating, including Sounil Yu (the Cyber Defense Matrix and DIE Triad creator); Snort and Sourcefire creator Martin Roesch; veteran CISOs Jerry Perullo and Michael Sutton; Demisto founders Rishi Bhargava and Slavik Markovich; Lookout founder Kevin Patrick Mahaffey; and Phantom Cyber and Pangea founder Oliver Friedrichs.

Sublime covers vectors like malware, ransomware, credential phishing, VIP impersonation and callback phishing. Its code can be applied to Microsoft 365 and Google Workspace enterprise mail systems, as well as run on individual accounts via IMAP. And in addition to its most basic use - inbound email security - Sublime can be used to gather and analyze trends in threats to an organization, block entire domains, run security exercises for compliance and training, and more.

“Attackers are constantly coming up with new ways of bypassing defenses,” Kamdjou said, the problem being that most of those defenses are based around security parameters set up by single security vendors, a “black box” approach in his words. When new techniques were applied by hackers, the onus was upon vendors to issue patches and updates to their systems to account for those. But then new techniques would come up, and so on and so forth, creating lags and gaps in protection. In his own testing, Kamdjou would apply a phishing technique one month, and then return a month later, “and the problem would still be there.”

Kamdjou saw an opportunity to build a solution by tapping into the collective knowledge and working practices of developers. Coming from the world of hacking and coding, using services like GitHub to track and contribute to projects was in his DNA. He applied that crowdsourced model to how Sublime would track and grow its own database of threat vectors and approaches.

To be clear, Sublime is not “open source,” and Thiel and Kamdjou said they were still deliberating what aspects, if any, they might potentially make open source down the line. But it does borrow from some of that ethos. The Sublime team has written around two-thirds of the rules in Sublime’s database, with one-third contributed by the community, Thiel said. Individual organizations subsequently make their own calls about how to customize their own email security, which of these rules to apply and which to leave to the side, putting significantly more power into the hands of customers.

That’s been one of its selling points so far.

“Sublime gives detection teams the chance to take back control of the email inbox,” Dan Nguyen-Huu, a partner at Decibel, said in an interview. “The community-powered DSL means all of its customers are speaking the same language, sharing rules and being able to remediate better,” he said.

The approach it takes is unique in the market, he added. “Defenders know their networks better than anyone, but we weren’t arming them as a community,” Kamdjou said. “It means they can unite to fight the common enemy.”

It’s also how many other security products not associated with email work. YARA for binaries, Sigma/EQL for logs, Snort/Suricata for networks, osquery/EDR for endpoints and Semgrep for static analysis were some of the examples Kamdjou cited. Interestingly, the number of contributors so far has been only a small fraction of the total number of users that Sublime currently has. “It’s kind of like Twitter,” Kamdjou said.